NYU Data Breach Exposes Millions of Applicant Records

Hacker Infiltrates New York University’s Systems

Timeline of the Intrusion

A hacker seized control of New York University (NYU) for approximately two hours, defacing the official homepage and exposing over 3 million applicant records spanning back to 1989. During this window, the attacker publicly displayed sensitive data, highlighting the university’s vulnerability to targeted cyberattacks.

Scope of the Stolen Information

  
Personal and Academic Details

The breach compromised the personal details of applicants, including:

 
- Names  
- Standardized test scores  
- Fields of study  
- Family background information  
- Financial aid data

The attacker went a step further by publishing graphs on NYU’s website, showing how scores were distributed by ethnic groups among the 2024–2025 admissions cycle applicants.

Motive Behind the Attack

The hacker claimed to be exposing NYU’s affirmative action policy, even though the U.S. Supreme Court had already overturned race-based admissions considerations in June 2023. By highlighting applicant data sorted by ethnicity, the attacker sought to critique—or at least draw attention to—these admissions practices.

University Response and Investigation

NYU quickly reported the incident to law enforcement agencies and enacted countermeasures to remove the hacker from the network. The university issued a statement confirming the breach, outlining steps taken to secure its systems and promising continued collaboration with authorities to identify the individual or group responsible.